Microsoft to patch software driver vulnerability

Microsoft has warned that a faulty driver used for copy protection could allow a hacker to gain high-level access to a PC.

The problem lies with a driver called secdrv.sys, which is part Macrovision's SafeDisc software included with Windows Server 2003 and Windows XP. The software, which can block unauthorized copying of some media, also ships with Windows Vista, but that OS is not affected.

Microsoft said it knows of "limited attacks" that try to use the vulnerability, in an attack known as an elevation of privilege. The vulnerability could allow a hacker with local access to a machine to elevate his access rights and gain administrator rights, for example, allowing him to install software.

Microsoft said it was concerned that the vulnerability had been disclosed before it had a chance to fix it, which puts people at greater risk. "We continue to encourage responsible disclosure of vulnerabilities," it said.

Danish security vendor Secunia said the vulnerability was first reported as a zero-day about two weeks ago, meaning the problem was being exploited by hackers as it became known.The company rated the vulnerability as "less critical," it's second lowest risk ranking for a vulnerability.

PCW Evaluation Team

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited. Copyright 2013 IDG Communications.
ABN 14 001 592 650. All rights reserved.

Contact Us

With over 25 years of brand awareness and credibility, Good Gear Guide (formerly PC World Australia), consistently delivers editorial excellence through award-winning content and trusted product reviews.